package com.first.run.config;

import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class JWTFilter extends BasicHttpAuthenticationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws UnauthorizedException {
        //获取请求头
        String authorization = ((HttpServletRequest) request).getHeader("Authorization");
        //获取请求路径
        String path = ((HttpServletRequest) request).getServletPath();
        if(null == authorization){
            throw new UnauthorizedException("没有访问权限");
        }else{
            //截取token
            String token = authorization.substring(authorization.indexOf(" ")+1);
            if("/unauthorized/login".equals(path)){
                //登录请求
                //校验登录token
            }else{
                //其他请求
                //校验用户token
            }
        }

        return true;
    }



}
